policy_testserver: set obfuscated_customer_id for device PolicyData

Set |PolicyData.obfuscated_customer_id| to a constant when
policy_testserver is answering device policy fetch requests.
The field is necessary when performing attestation using the Enterprise
Machine Key (EMK) - i.e. when answering non-user-specific Verified
Access challenges. This is performed by some tast tests that use
policy_testserver, notably those that test built-in client certificate
provisioning.

Bug: 1073974
Change-Id: I0f6f358fafabb82d4d99683f5be54e836f9e8d96
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2310358Reviewed-by: Igor <igorcov@chromium.org>
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#793196}

components/policy/test_support/policy_testserver.py

@@ -247,6 +247,10 @@ fHXdC808L+jJ0zgOBlJbbCM3TliiVqDE6Lcc3GShA1mrjvGmAy05e1ejgGZYX7c5
 C97TFZS6CD+9uC2FV4RWJuO56kCGlDVLI3/iwIThtywvDt0qKnSsGA==
 -----END RSA PRIVATE KEY-----"""
 
+# The obfuscated_customer_id that will be served in device policy PolicyData
+# responses.
+OBFUSCATED_CUSTOMER_ID = 'policy_testserver_customer_id'
+
 class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
   """Decodes and handles device management requests from clients.
 
@@ -1238,6 +1242,12 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
     if user_affiliation_ids:
       policy_data.user_affiliation_ids.extend(user_affiliation_ids)
 
+    if msg.policy_type == 'google/chromeos/device':
+      # Fill |obfuscated_customer_id| for PolicyData in device policy fetches.
+      # Verified Access attestation using the Enterprise Machine Key (EMK)
+      # requires it since https://crbug.com/1073974.
+      policy_data.obfuscated_customer_id = OBFUSCATED_CUSTOMER_ID
+
     response.policy_data = policy_data.SerializeToString()
 
     # Sign the serialized policy data